https://community.cisco.com/t5/network-access-control/aaa-authentication-issue/m-p/2174046#M137916 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Are you seeing any logs on the ACS? Which version of ACS are you using?</P><P></P><P>Also verify if the ASA has been added as the aaa client on the secondory ACS box.</P><P></P><P>Also if you have console access to the ASA you can verify aaa authetication with below commands.</P><P></P><P><EM><STRONG>test aaa-server authentication ACS username xxxx password xxxx</STRONG></EM></P><P></P><P>Regards</P><P></P><P>Najaf</P><P><EM><STRONG>Please rate when applicable or helpful !!!</STRONG></EM></P></BODY></HTML> Mon, 18 Mar 2013 05:55:11 GMT kcnajaf 2013-03-18T05:55:11Z https://community.cisco.com/t5/network-access-control/aaa-authentication-issue/m-p/2174045#M137895 <P>Dear All</P><P></P><P>i am running ASA5520 security appliance and have trouble to login to this device</P><P></P><P>we have used 2 ACS servers for example xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy</P><P>first priority is xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy is backup</P><P></P><P>recently we have removed xxx.xxx.xxx.xxx ACS server and running only yyy.yyy.yyy.yyy server for authentication</P><P>but after remove primary ACS server, i can not login to the ASA</P><P></P><P>real configuration is as below</P><P>aaa-server TACACS_NETWORK protocol tacacs+</P><P>aaa-server ACS protocol tacacs+</P><P>aaa-server ACS (inside) host xxx.xxx.xxx.xxx</P><P>key xxxxxxxx</P><P>aaa-server ACS (inside) host yyy.yyy.yyy.yyy</P><P>key yyyyyyyy</P><P>aaa authentication telnet console ACS LOCAL</P><P>aaa authentication http console ACS LOCAL</P><P>aaa authentication ssh console ACS LOCAL</P><P>aaa authentication enable console ACS LOCAL</P><P>aaa local authentication attempts max-fail 3</P><P></P><P>i think that my account should be authenticated using secondary ACS server yyy.yyy.yyy.yyy</P><P>but failed.</P><P>somebody help me to fix this issue or if password recovery is necessary, could you please summarize brief step??</P><P></P><P>Thank you </P> Mon, 11 Mar 2019 03:12:37 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-issue/m-p/2174045#M137895 rcsco2011 2019-03-11T03:12:37Z https://community.cisco.com/t5/network-access-control/aaa-authentication-issue/m-p/2174046#M137916 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Are you seeing any logs on the ACS? Which version of ACS are you using?</P><P></P><P>Also verify if the ASA has been added as the aaa client on the secondory ACS box.</P><P></P><P>Also if you have console access to the ASA you can verify aaa authetication with below commands.</P><P></P><P><EM><STRONG>test aaa-server authentication ACS username xxxx password xxxx</STRONG></EM></P><P></P><P>Regards</P><P></P><P>Najaf</P><P><EM><STRONG>Please rate when applicable or helpful !!!</STRONG></EM></P></BODY></HTML> Mon, 18 Mar 2013 05:55:11 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-issue/m-p/2174046#M137916 kcnajaf 2013-03-18T05:55:11Z https://community.cisco.com/t5/network-access-control/aaa-authentication-issue/m-p/2174047#M137966 <HTML><HEAD></HEAD><BODY><P>First of all verify that your ASA is failing over to the secondary server upon&nbsp; no response from the primary.</P><P>You can run tacacs+ debugs while trying to authenticate .</P><P>Also you need to check the ACS logs to verify if there is any attempt from your ASA.</P><P>Sometimes if you forgot to add your ASA as aaa client you might see messages</P><P>indicating bad request from Unknown NAS, this should give you a powerful indicator</P><P>that you need to add the ASA as AAA client. Sometimes there&nbsp; might be an issue </P><P>with the shared key , so you have to make sure that the shared key for your ASA on</P><P>the secondary is the same.</P><P></P><P>-------------------------------------------------------------------------------</P><P>Please make sure to rate correct answers</P></BODY></HTML> Mon, 18 Mar 2013 06:31:20 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-issue/m-p/2174047#M137966 maldehne 2013-03-18T06:31:20Z